Docker OpenShift OpenStack and Containerization: October 2017

Thursday, October 19, 2017

OpenStack Orchestration Heat to implement a glance cirros image heat template

The YAML file for the template is as filename '13cirros64bitimage.yml'
---
# for Newton release of OpenStack
#
heat_template_version: 2016-10-14

description: glance image

resources:
glancecirros64bitimage:
type: OS::Glance::Image
properties:
name: cirros_64_qcow2
is_public: true
container_format: bare
disk_format: qcow2
location: http://webserver.netx.sujit.com/images/cirros-0.3.5-x86_64-disk.img

outputs:
glancecentos64bitimage_info:
value: { get_attr: [ glancecirros64bitimage ] }

------

Running 'openstack stack create' for the stack implementation

Now confirm that the glance image is in place

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# glance image-list | grep cirros_64_qcow2
| 634b286c-39b3-4540-a9c0-9dde812d548d | cirros_64_qcow2 |
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

--

See the image

the image is in place also active

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# glance image-show 634b286c-39b3-4540-a9c0-9dde812d548d
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | None |
| container_format | bare |
| created_at | 2017-10-19T22:17:33Z |
| disk_format | qcow2 |
| id | 634b286c-39b3-4540-a9c0-9dde812d548d |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros_64_qcow2 |
| owner | 49b25ce4022c492fa0c1eab4fc6c7419 |
| protected | False |
| size | 13267968 |
| status | active |
| tags | [] |
| updated_at | 2017-10-19T22:17:33Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------+
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

-------

Using OpenStack Orchestration heat stack to have the custom flavor in place OpenStack Newton

Using OpenStack Orchestration heat stack to have the custom flavor in place

The stack YAML file here helps to create a custom flavor

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# cat 12NovaFlavor.yml
---
# for Newton release of OpenStack
#
heat_template_version: 2016-10-14

description: Nova Flavor

resources:
NovaFlavor1:
type: OS::Nova::Flavor
properties:
is_public: true
name: novaflavor1
disk: 10
ram: 4096
swap: 1
vcpus: 1
outputs:
NovaFlavor_info:
value: { get_attr: [NovaFlavor1]}
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

This stack as run will create the flavor of the name as 'novaflavor1' having the specifications of the flavor as

disk size: 10GB
RAM size: 4GB
Swap size: 1GB
Virt CPU count: 1

---

Run the stack

Confirming the creation of the nova flavor

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# openstack flavor list
+--------------------------------------+-------------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-------------+-------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 1e77331d-56d1-4849-a260-dafc4b88cb76 | novaflavor1 | 4096 | 10 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+--------------------------------------+-------------+-------+------+-----------+-------+-----------+
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

OpenStack Orchestration Heat for Creation of a Public Key using Heat Stack OpenStack newton

OpenStack Orchestration Heat for Creation of a Public Key using Heat Stack

--

The Stack YAML file for creation of a Public key is as

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# cat 11privatekey.yml
---
# for Newton release of OpenStack
#
heat_template_version: 2016-10-14

description: private key

resources:
privatekey1:
type: OS::Nova::KeyPair
properties:
name: keypair1
save_private_key: true

outputs:
privatekey1_info:
value: { get_attr: [privatekey1]}
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

------

Create the stack
The Stack creates a public key with the name of 'Keypair1'

---

openstack stack create -t 11privatekey.yml privatekeypair1

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# openstack stack create -t 11privatekey.yml privatekeypair1
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | 692e74db-2a99-43fe-ad3b-5ff169d982bc |
| stack_name | privatekeypair1 |
| description | private key |
| creation_time | 2017-10-19T21:49:37Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

--
The stack is being implemented
Confirm the same as keypair1 is created

--

openstack keypair show keypair1

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# openstack keypair show keypair1

+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| created_at | 2017-10-19T21:49:38.000000 |
| deleted | False |
| deleted_at | None |
| fingerprint | 7a:f3:a5:1e:36:86:e7:25:f6:99:3c:b0:75:e7:3f:e1 |
| id | 2 |
| name | keypair1 |
| updated_at | None |
| user_id | 1db28c8710b04be7968935f5edcf0971 |
+-------------+-------------------------------------------------+
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

---

OpenStack Orchestration Heat to implement a Security Group along with the rules.

Have a stack to define a security Group as well as to create the rules in that group.

---

The heat stack YAML file to add the rules to the security group is

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# cat 09securitygroup.yml
---
# for Newton release of OpenStack
#
heat_template_version: 2016-10-14

description: put a security group

resources:
securitygroup:
type: OS::Neutron::SecurityGroup
properties:
name: securitygroup80-443-22-ICMP
#rules:
#type: list
rules:
- { direction: ingress, ethertype: IPv4, protocol: icmp, remote_ip_prefix: 0.0.0.0/0 }
- { direction: ingress, ethertype: IPv4, port_range_min: 22, port_range_max: 22, protocol: tcp, remote_ip_prefix: 0.0.0.0/0 }
- { direction: ingress, ethertype: IPv4, port_range_min: 80, port_range_max: 80, protocol: tcp, remote_ip_prefix: 0.0.0.0/0 }
- { direction: ingress, ethertype: IPv4, port_range_min: 443, port_range_max: 443, protocol: tcp, remote_ip_prefix: 0.0.0.0/0 }

outputs:
subnet_info:
value: { get_attr: [securitygroup]}
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

---

The above YAML file template as called using the OpenStack orchestration as a template, will add the following rules to the security group 'securitygroup80-443-22-ICMP'.
This YAML file in the process of implementing the stack also creates the security group 'securitygroup80-443-22-ICMP' first.

ingress from 0.0.0.0/0 for PING
ingress from 0.0.0.0/0 for SSH TCP 22
ingress from 0.0.0.0/0 for HTTP TCP 80
ingress from 0.0.0.0/09 for HTTPS TCP 443

---

Implement the stack

Confirm the security group and rules

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# neutron security-group-list | grep ICMP
| dc2a8841-cd94-4349-8643-942f2b2596b7 | securitygroup80-443-22-ICMP | egress, IPv4 |
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

Confirm the

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# neutron security-group-show securitygroup80-443-22-ICMP
+----------------------+--------------------------------------------------------------------+
| Field | Value |
+----------------------+--------------------------------------------------------------------+
| created_at | 2017-10-19T21:40:40Z |
| description | |
| id | dc2a8841-cd94-4349-8643-942f2b2596b7 |
| name | securitygroup80-443-22-ICMP |
| project_id | 49b25ce4022c492fa0c1eab4fc6c7419 |
| revision_number | 5 |
| security_group_rules | { |
| | "remote_group_id": null, |
| | "direction": "ingress", |
| | "protocol": "tcp", |
| | "description": "", |
| | "ethertype": "IPv4", |
| | "remote_ip_prefix": "0.0.0.0/0", |
| | "port_range_max": 22, |
| | "updated_at": "2017-10-19T21:40:40Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": 22, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:40Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "267fc284-9657-41c1-b221-bb737d50e709" |
| | } |
| | { |
| | "remote_group_id": null, |
| | "direction": "ingress", |
| | "protocol": "icmp", |
| | "description": "", |
| | "ethertype": "IPv4", |
| | "remote_ip_prefix": "0.0.0.0/0", |
| | "port_range_max": null, |
| | "updated_at": "2017-10-19T21:40:40Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": null, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:40Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "64b97157-fa46-4bfe-84cb-da7ba9c8e76b" |
| | } |
| | { |
| | "remote_group_id": null, |
| | "direction": "ingress", |
| | "protocol": "tcp", |
| | "description": "", |
| | "ethertype": "IPv4", |
| | "remote_ip_prefix": "0.0.0.0/0", |
| | "port_range_max": 443, |
| | "updated_at": "2017-10-19T21:40:41Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": 443, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:41Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "87d969f5-d315-4ab3-ba28-fe1de7f0988b" |
| | } |
| | { |
| | "remote_group_id": null, |
| | "direction": "egress", |
| | "protocol": null, |
| | "description": null, |
| | "ethertype": "IPv4", |
| | "remote_ip_prefix": null, |
| | "port_range_max": null, |
| | "updated_at": "2017-10-19T21:40:40Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": null, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:40Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "b1903a87-8ae4-40d0-b6d9-75276eb2e4cf" |
| | } |
| | { |
| | "remote_group_id": null, |
| | "direction": "egress", |
| | "protocol": null, |
| | "description": null, |
| | "ethertype": "IPv6", |
| | "remote_ip_prefix": null, |
| | "port_range_max": null, |
| | "updated_at": "2017-10-19T21:40:40Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": null, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:40Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "b845f9ed-4aed-46f4-8480-de6560f781b8" |
| | } |
| | { |
| | "remote_group_id": null, |
| | "direction": "ingress", |
| | "protocol": "tcp", |
| | "description": "", |
| | "ethertype": "IPv4", |
| | "remote_ip_prefix": "0.0.0.0/0", |
| | "port_range_max": 80, |
| | "updated_at": "2017-10-19T21:40:40Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": 80, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:40Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "f5633437-f842-470d-997c-e5279e31f0eb" |
| | } |
| tenant_id | 49b25ce4022c492fa0c1eab4fc6c7419 |
| updated_at | 2017-10-19T21:40:41Z |
+----------------------+--------------------------------------------------------------------+

Openstack heat orchestration to have a Security Group on OpenStack using the heat template

--------------

The YAML file for the security group is given below.
Please note that this YAML file will implement a security group with the default egress rules as such.
For having a security group with the rules also put in the security group as the security group is in implementation: please see the next post.

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# cat 07securitygroup.yml
---
# for Newton release of OpenStack
#
heat_template_version: 2016-10-14

description: put a security group

resources:
securitygroup:
type: OS::Neutron::SecurityGroup
properties:
name: securitygroup1

outputs:
subnet_info:
value: { get_attr: [securitygroup]}
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

---

Create the security group using the stack

See the security group has been created

openstack security group list | grep -i securitygroup1

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# openstack security group list | grep -i securitygroup1
| 8630ac7b-7fbb-45c7-a23e-f89d06804b62 | securitygroup1 | | 49b25ce4022c492fa0c1eab4fc6c7419 |
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#